ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server<\/a>.<\/p>\n Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error.<\/p>\n When successfully exploited, the vulnerability causes the receiving daemon to crash, resulting in a sudden and total loss of DHCP services across the network.<\/p>\n The vulnerability exists in how Kea daemons process incoming messages over specific listening channels.<\/p>\n An attacker can exploit this weakness by sending a maliciously crafted message over any configured API socket<\/a> or High Availability (HA) listener.<\/p>\n Because the incoming payload is not handled correctly by the software, a stack overflow occurs<\/a>, forcing the service to terminate unexpectedly.<\/p>\n This issue impacts multiple core components of the Kea architecture. The advisory explicitly notes that the\u00a0kea-ctrl-agent,\u00a0kea-dhcp-ddns,\u00a0kea-dhcp4, and\u00a0kea-dhcp6\u00a0daemons are all susceptible to this attack.<\/p>\n Ali Norouzi from Keysight is credited with discovering and responsibly reporting the issue to the ISC. Carrying a CVSS v3.1 score of 7.5, CVE-2026-3608 represents a significant threat to network stability.<\/p>\n The vulnerability requires zero user interaction and no elevated privileges<\/a>, meaning any bad actor with network access to the API sockets can trigger the crash.<\/p>\n The primary consequence of this exploit is a severe denial-of-service condition.<\/p>\n When the Kea daemons exit, the network immediately loses its DHCP capabilities, which can disrupt IP address assignment<\/a>, break network connectivity for new devices, and severely impact enterprise operations.<\/p>\n Fortunately, the ISC has stated that they are currently unaware of any active exploits in the wild.<\/p>\n To permanently resolve this vulnerability, the ISC strongly advises organizations to immediately upgrade<\/a> their Kea deployments to the latest patched releases.<\/p>\n Administrators running the 2.6 branch should update to Kea 2.6.5. In comparison, those on the 3.0 branch must update to Kea 3.0.3 to secure their environments against potential denial-of-service attacks<\/a>.<\/p>\n For network administrators who are unable to patch their systems right away, the ISC has provided an effective temporary workaround.<\/p>\n Organizations can block the exploitation path by securing their API sockets with Transport Layer Security (TLS)<\/a> and enforcing strict mutual authentication.<\/p>\n By configuring the server to require a valid client certificate, administrators ensure that an attacker cannot establish the initial API connection required to deliver the malicious payload.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\nKea DHCP<\/strong> Vulnerability<\/strong>
\n<\/h2>\nMitigations and Workarounds<\/strong><\/h2>\n